"It is the publication of this level of detail which we believe breaches the boundary of responsible disclosure. Essentially, it places in the public domain a blueprint for building a device which purports to exploit a loophole in the security of chip and PIN," the letter states.

But in a reply to the UKCA, Ross Anderson, professor of security engineering at the university's Computer Laboratory, refused to take down the thesis and said the loopholes had already been disclosed to bankers.

"You seem to think we might censor a student's thesis, which is lawful and already in the public domain, simply because a powerful interest finds it inconvenient. This shows a deep misconception of what universities are and how we work. Cambridge is the University of Erasmus, of Newton and of Darwin; censoring writings that offend the powerful is offensive to our deepest values," Anderson wrote.

Anderson and his colleagues discovered the loophole in chip-and-pin security in October 2009 and told the banks about the flaw later that year. They revealed the loophole publicly on the BBC's Newsnight programme in February 2010.

In view of the UKCA's letter, Anderson has authorised Choudary's thesis to be published as a Computer Laboratory technical report.

"This will make it easier for people to find and cite, and will ensure that its presence on our website is permanent," his reply to the UKCA states.

"It is outrageous that the banking industry should try to censor a student's thesis even though it was lawful and already in the public domain," Anderson told the Guardian.

"It was particularly surprising for its chair, Melanie Johnson, to make this request; as a former MP she must be aware of the Human Rights Act, and as a former Cambridge graduate student she should have a better understanding of this university's culture.

"Her intervention was completely counterproductive for the banks who employ her: Omar's thesis will now be read by thousands of people who would otherwise not have heard of it," he said.

This article was amended on 30 December 2010. The original picture showed a cash machine, which would not be affected by the security loophole.